A Distributed Denial-of-Service (DDoS) attack can be catastrophic as it can completely ground organizational processes. It renders IT systems inoperable and is costly to organizations and businesses. The average cost of a DDoS attack is about $100,000 per hour based on data provided by CloudFlare. This implies that when the attack lasts for hours, a business could lose a fortune. Besides, there are longer-term costs associated with DDoS attacks. It may lead to loss of reputation and clients, along with brand degradation. If you do not know what these attacks are, this article is for you. So what are DDoS attacks? This article highlights what they are and how to prevent them.
What Is DDoS?
A denial of service (DoS) attack floods a computer with requests that consume its resources, or floods a network until its available bandwidth is exhausted. A DDoS attack is a DoS attack in which many compromised systems, typically infected with a Trojan, are used to target a single system or network. The victims of such an attack include both the end target and every system the attacker has compromised and controls through those Trojan infections.
A DoS attack differs from a DDoS attack in that a DoS attack uses a single computer and one Internet connection to flood and disable a target’s systems or IT resources, while a DDoS attack uses many computers and Internet connections to flood the targeted resources or systems. DDoS attacks can be global in scope, relayed and distributed through botnets, and they are difficult to mitigate because of their many attack vectors.
What Are DDoS Attacks?
A basic DDoS attack involves bombarding one or more IP addresses, typically addresses of web servers, with large volumes of web traffic. Note that the copious web traffic is illegitimate and will probably ground the web server so that legitimate users cannot reach the website.
DDoS attacks can have different objectives. One form of attack aims at applications and affects the network’s application layer. The data messages sent by attackers deplete or exhaust resources in the application layer, which leaves the victim’s targeted services unavailable.
Traffic-based DDoS attacks send a huge volume of ICMP, UDP, and TCP packets to the target. The packets need not carry valid data; it is enough that they are well-formed packets the target has to receive and process. The illegitimate requests overwhelm a server and may be accompanied by malware exploitation.
Bandwidth DDoS attacks overload the targeted system’s network links with huge amounts of junk data. In effect, network bandwidth and equipment are saturated, leading to a complete shutdown of services.
Another type of DDoS attack is the SYN flood. The SYN is the first packet of the three-way TCP handshake that establishes a connection. The attacker sends TCP connection requests faster than the recipient can process them, consuming resources on the targeted server and rendering it unresponsive.
Whatever form a DDoS attack takes, it is the first D, the distributed nature, that makes blocking and remediation very difficult. Security measures cannot block particular sources of an attack because the sources keep changing and the traffic arrives through otherwise legitimate channels.
Challenges Of Preventing DDoS Attacks
DDoS attacks follow principles similar to DoS attacks, but the malicious traffic is generated from multiple sources coordinated from a central point. Since the traffic sources are distributed throughout the world, such attacks are harder to prevent than DoS attacks that come from a single IP address.
Another difficulty is that many attacks orchestrated today are “amplification” attacks, in which the attacker sends small data packets that produce much larger responses directed at the server under attack. A well-known example is DNS amplification, where a 60-byte DNS request results in a 4,000-byte response being sent to the victim’s systems, an amplification factor of about 67 times the original packet size.
Attackers have also found ways of abusing Memcached servers to launch Memcached amplification attacks, sending a 15-byte request that results in a response of about 750 kB, an amplification factor of over 50,000 times the original packet size. The world’s largest attack on record, the DDoS attack on GitHub earlier this year (2018), was a Memcached amplification attack that peaked at approximately 1.35 Tbps of data hitting the company’s servers.
Note that the benefit of amplification to attackers is that they need only a small amount of bandwidth to launch a much larger attack against the victim’s servers than they could by attacking the victims directly.
How To Protect My Website From DDoS Attacks
DDoS attacks are very troublesome for anyone running any kind of website. Attackers are using increasingly sophisticated methods of compromising sites, which makes stopping such attacks harder. If your website is targeted and you have not put adequate protection measures in place, it will go offline and it will be impossible to bring it back manually. This causes several unwanted problems and costs you a lot of money.
However, we recommend the following steps to stop or reduce the attacks:
Purchase More Bandwidth
This is the most basic step you can take to prevent attacks, and it makes your IT infrastructure resistant up to a point. Ensure that you have enough bandwidth to handle any traffic spikes caused by malicious activity. In the past, having more bandwidth ensured that attacks could not overwhelm your system; with today’s amplification attacks, that alone is no longer practical. Still, more bandwidth raises the bar an attacker must clear before an attack succeeds.
Build Redundancy Into Your IT Infrastructure
Make it impossible for attackers to launch a successful attack by spreading the infrastructure across multiple data centers with good load balancing, so that traffic is distributed between them. If possible, the data centers should be located in different countries. For this to work, they should be connected to different networks so that there are no single points of failure. If one server is affected by an attack, the others will keep running.
Contact Your ISP
Your Internet provider can be of great help when dealing with these attacks. The provider can detect the attacks and re-route the malicious traffic whenever they happen. Some ISPs will even offer certain protections at no additional cost.
The key to stopping an attack is being able to detect it. Once you detect an attack, block the IP addresses that started it from accessing your site; you may be able to deter a full-scale launch. DDoS mitigation services help you detect the attack and redirect traffic away from your main server.
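The detect-then-block step above, as an added example that is not part of the original article: a sliding-window request counter over web-server access log lines that flags sources exceeding a per-window threshold and turns them into a blocklist for the firewall or the ISP. The log lines are constructed samples in the Apache/Nginx “combined” format, and the window size and threshold are assumptions chosen for illustration, not tuned recommendations.

```python
"""Detecting high-rate sources in web-server access logs.

Added example, not from the original article. The log lines are constructed
samples in the Apache/Nginx "combined" format; window and threshold values
are assumptions, not tuned recommendations.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Leading fields of the combined log format: client IP, identity, user,
# bracketed timestamp, quoted request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample: two normal visitors, plus 198.51.100.7 firing
# 60 requests within six seconds (ten per second).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2018:13:55:36 +0000] "GET / HTTP/1.1" 200 2326',
    '203.0.113.9 - - [10/Oct/2018:13:55:37 +0000] "GET /about HTTP/1.1" 200 1201',
] + [
    f'198.51.100.7 - - [10/Oct/2018:13:55:{38 + i // 10:02d} +0000] '
    f'"GET /?q={i} HTTP/1.1" 200 2326'
    for i in range(60)
] + [
    '203.0.113.5 - - [10/Oct/2018:13:55:45 +0000] "GET /contact HTTP/1.1" 200 980',
    'not a log line at all',  # malformed input must be skipped, not crash the detector
]


def detect_flooders(lines, window_seconds=10, max_requests=50):
    """Return {ip: peak_requests_in_window} for sources exceeding the threshold.

    Lines are assumed to be in time order, as a live log is. For each source
    a deque holds the timestamps inside the current window; when its length
    passes max_requests the source is flagged and its peak count recorded.
    """
    recent = defaultdict(deque)
    peaks = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip = m.group("ip")
        ts = datetime.strptime(m.group("ts"), TS_FORMAT)
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) > max_requests:
            peaks[ip] = max(peaks.get(ip, 0), len(window))
    return peaks


def blocklist(peaks):
    """Sorted list of addresses to hand to the firewall or the ISP."""
    return sorted(peaks)


if __name__ == "__main__":
    flagged = detect_flooders(SAMPLE_LOG)
    for ip, peak in flagged.items():
        print(f"{ip}: {peak} requests in a 10 s window")
    print("block:", blocklist(flagged))
```

Per-source rate counting like this catches a single noisy client or a small botnet; against a large distributed attack each source may stay under the threshold, which is exactly why the article points to the ISP and to mitigation services for the heavy lifting.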
Configure Network Hardware Against The Attacks
You can make hardware configuration changes to blunt the attacks. For instance, you can configure your firewall or router to drop incoming ICMP packets, or to block DNS responses from outside networks. Many times these functions are not needed at all and simply remain enabled through inattention.
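The two firewall rules just described, and the reflected-traffic problem from the amplification section, as an added example that is not code from the article or from any firewall vendor: a small stateful packet filter in Python that drops inbound ICMP and accepts a DNS response from outside only when a host on our network sent the matching query, tallying the reflectors whose unsolicited replies it dropped. Packet records are constructed tuples using the 60-byte request and 4,000-byte response sizes quoted above; the addresses are documentation ranges, not real hosts, and the tuple layout is an assumption of this example.

```python
"""Stateful filtering of unsolicited DNS responses and inbound ICMP.

Added example, not code from the article or from any firewall vendor.
Packet records are constructed tuples; addresses are documentation ranges.
"""
from collections import defaultdict

DNS_PORT = 53


class StatefulFilter:
    """Minimal connection-tracking filter for UDP/53 and ICMP."""

    def __init__(self, drop_icmp=True):
        self.drop_icmp = drop_icmp
        # (inside_ip, inside_port, resolver_ip) -> query size; a reply is
        # accepted only if it matches an outstanding query. (A real firewall
        # also checks the DNS transaction ID; omitted here for brevity.)
        self.outstanding = {}
        self.dropped_dns_bytes = defaultdict(int)  # reflector -> bytes dropped

    def decide(self, pkt):
        """Return a verdict string for one packet.

        pkt = (direction, proto, src, sport, dst, dport, size); direction is
        "in" (from the Internet) or "out" (from our network).
        """
        direction, proto, src, sport, dst, dport, size = pkt
        if direction == "out" and proto == "udp" and dport == DNS_PORT:
            self.outstanding[(src, sport, dst)] = size
            return "accept"
        if direction == "in" and proto == "udp" and sport == DNS_PORT:
            key = (dst, dport, src)
            if key in self.outstanding:
                del self.outstanding[key]  # one reply per query
                return "accept"
            self.dropped_dns_bytes[src] += size
            return "drop-unsolicited-dns"
        if direction == "in" and proto == "icmp" and self.drop_icmp:
            return "drop-icmp"
        return "accept"

    def run(self, packets):
        return [self.decide(p) for p in packets]


# Constructed traffic: one legitimate query/response pair using the 60-byte
# request / 4,000-byte response sizes quoted in the article, three reflected
# responses nobody on our side asked for, one ping, one ordinary HTTPS SYN.
SAMPLE_PACKETS = [
    ("out", "udp", "192.0.2.10", 40001, "203.0.113.53", 53, 60),
    ("in", "udp", "203.0.113.53", 53, "192.0.2.10", 40001, 4000),
    ("in", "udp", "198.51.100.1", 53, "192.0.2.80", 3331, 4000),
    ("in", "udp", "198.51.100.2", 53, "192.0.2.80", 3332, 4000),
    ("in", "udp", "198.51.100.1", 53, "192.0.2.80", 3333, 4000),
    ("in", "icmp", "198.51.100.9", 0, "192.0.2.80", 0, 64),
    ("in", "tcp", "203.0.113.77", 51234, "192.0.2.80", 443, 60),
]


def filter_sample():
    """Run the sample through the filter; returns (verdicts, dropped bytes per reflector)."""
    f = StatefulFilter()
    verdicts = f.run(SAMPLE_PACKETS)
    return verdicts, dict(f.dropped_dns_bytes)


if __name__ == "__main__":
    verdicts, reflectors = filter_sample()
    for pkt, v in zip(SAMPLE_PACKETS, verdicts):
        print(f"{v:22} {pkt}")
    print("reflectors seen (bytes dropped):", reflectors)
```

The per-reflector byte counts are what you would hand to your ISP (see the previous section), since the reflectors, not the attacker, are the addresses you can actually observe. One caveat on the ICMP rule: dropping all inbound ICMP also discards “fragmentation needed” messages used for path MTU discovery, so many operators drop only echo requests rather than the whole protocol.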
Deploy Anti-DDoS Software And Hardware Modules
Protect your servers with network firewalls and specialized web application firewalls. Hardware vendors include software protection mechanisms against these attacks that monitor incomplete connections and flush them out once they reach a certain threshold.
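The threshold-and-flush mechanism described above, together with the SYN flood it defends against, as an added example that is not code from the article or from any vendor’s product: a half-open connection table that records each SYN until the handshake completes and, when the table reaches a threshold, flushes the oldest entries so new legitimate clients can still connect. The same simulation is run with flushing disabled to show why simply refusing new SYNs when the table is full is worse. Packets are constructed tuples; the table size, flush fraction and addresses are assumptions of this example.

```python
"""Half-open connection tracking with a threshold flush (SYN flood defence).

Added example, not code from the article or from any vendor's product.
Packet records are constructed; table size and flush fraction are assumptions.
"""
from collections import Counter, OrderedDict


class HalfOpenTable:
    def __init__(self, max_half_open=100, flush_fraction=0.5, drop_when_full=False):
        self.max_half_open = max_half_open
        self.flush_fraction = flush_fraction
        self.drop_when_full = drop_when_full
        # (src_ip, src_port) -> time the SYN arrived; insertion order is age order
        self.pending = OrderedDict()
        self.established = 0
        self.flushed = 0
        self.dropped = 0

    def on_packet(self, src_ip, src_port, flags, now):
        key = (src_ip, src_port)
        if flags == "SYN":
            if len(self.pending) >= self.max_half_open:
                if self.drop_when_full:
                    self.dropped += 1  # naive behaviour: refuse the newcomer
                    return
                self.flush_oldest()
            self.pending[key] = now
        elif flags == "ACK" and key in self.pending:
            # Third step of the handshake completes the connection.
            del self.pending[key]
            self.established += 1
        # ACKs for unknown tuples and other segments are ignored here.

    def flush_oldest(self):
        """Evict the oldest incomplete connections, which are the likeliest junk."""
        n = max(1, int(len(self.pending) * self.flush_fraction))
        for _ in range(n):
            self.pending.popitem(last=False)  # oldest first
        self.flushed += n

    def top_sources(self, n=3):
        """Sources with the most half-open entries: who to report or block."""
        return Counter(ip for ip, _ in self.pending).most_common(n)


def simulate(drop_when_full):
    """Constructed scenario: 203.0.113.66 sends 150 SYNs and never completes
    any handshake; then legitimate client 198.51.100.20 does a full one."""
    table = HalfOpenTable(max_half_open=100, drop_when_full=drop_when_full)
    for i in range(150):
        table.on_packet("203.0.113.66", 1000 + i, "SYN", now=i)
    table.on_packet("198.51.100.20", 5555, "SYN", now=150)
    table.on_packet("198.51.100.20", 5555, "ACK", now=151)
    return table


if __name__ == "__main__":
    for mode in (False, True):
        t = simulate(drop_when_full=mode)
        print(f"drop_when_full={mode}: established={t.established} "
              f"flushed={t.flushed} dropped={t.dropped} pending={len(t.pending)}")
        print("  top sources:", t.top_sources())
```

With flushing, the legitimate client still completes its handshake during the flood; with the naive full-table refusal it never gets a slot. Real TCP stacks go further (SYN cookies avoid keeping per-SYN state at all), but the threshold flush is the behaviour the text describes, and the per-source counts it keeps are what a monitoring module uses to decide whom to block.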
Deploy A DDoS Protection Appliance
Security vendors such as Fortinet, NetScout, Cisco, and Check Point offer appliances that sit in front of the network firewall and are designed to block DDoS attacks before they take effect. These appliances use several techniques, such as behavioral baselining of traffic and blocking abnormal traffic based on known attack signatures.
Protect Your DNS Servers
An attacker could take your web server offline by attacking your DNS servers. Ensure that the servers are redundant by placing them in different data centers. Moving to a cloud-based DNS provider with higher bandwidth and multiple points of presence in data centers worldwide may be an added advantage.
A Distributed Denial of Service attack involves bombarding an IP address with large volumes of web traffic. The traffic is illegitimate and will ground the web server so that legitimate users cannot reach the website. DDoS attacks can target the application layer of the IT infrastructure, its bandwidth, or its web traffic handling.
The problem with preventing these attacks is that they involve multiple sources, coordinated from a central point and not necessarily in real time. The traffic sources are distributed worldwide, which makes such attacks harder to prevent than DoS attacks that originate from a single IP address. An attacker can now also “amplify” the attack, as in Memcached amplification attacks, making it even harder to control.
There are various steps you can take to prevent the attacks. These include purchasing more bandwidth, building redundancy into your IT infrastructure, contacting your ISP for help, DDoS mitigation, configuring network hardware, deploying anti-DDoS software and hardware modules, hiring a DDoS specialist, deploying a DDoS protection appliance, and protecting your DNS servers. Not all of these are within reach of small enterprises, but small operations are also proportionately less attractive as targets.
You can make it impossible for attackers to launch a successful attack by spreading the infrastructure across multiple data centers with good load balancing. Configure your firewall to drop incoming ICMP packets and block DNS responses from outside networks. Ensure that the servers have redundancy by placing them in different data centers.
We genuinely hope that this article has adequately addressed what DDoS attacks are and how you can prevent them.